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, Wbai> the 'tfiFferpr**? The tjvo are dtj^itel^ plated. no 

denying that , 1 But ! they art fair Trprii identical One; erf J^nwst 
outstanding differences lies in the Act that people wiki dfaiin to he 
’’^afraid” of compute rs ( vi hither it V because of their efficiency, rapid 
growth, of wtoeVet>teitf iofc^ the things. But people 

wh&.iA^unilfentaitd computed are the ones who are running and 
rt&ubltifig them. ■-. . .= 

--, :.(twt ^fithjki ; m*=rt|>ottcd that -.Tom Teimpidii; who operates a 
computer bulletin board system from his home intb^|j^^igtJ^ 4 rtA T 
. j^^^uipjT^tjrei^ by the ^Os An^ksPolioe Depffltra^tJ Why? 
.S^.ehodyv y if be re had called up his^ystem an£ lefian AT AT 
cipdit rtl r! ... i fie Teltphouit fcyiklcut: to 

rfejt it& hiu^cfcs- drfficiafs 1 Thyolve^ m the cas? l insiit tfiai the "system 
’operator be ^jjfp.'The 

itibhWHd appl^rited t+kle s^kkrt-Vr rrii rrl: ; Sd fWrfci-r Cbtirt Judge Robert 

Fratianne, was quoted in info Wo r Id a.<*ayi tf£- * As -fat a s [cahset, for 
someone 'to vUtifhntif-^br^riiytJttft! crirtte:; (Hfcy to hiivt the 

knowledge, the: sowipratTiiV’ and; the atou toanillegflt fiuMn] 
|u^rdi^l^^An^n«j£njcrw wMrhe’s talking alwui^WhatJm the rid 

, js^.R r^^boM^l Jciptf flqitipnvnl is^ liking The 
■,pTi|ly ^yipmeot here.is a b^c p^puicc!^ aruodicFg^K;le< oa^gfibe 
officials claims that he knows all about this, kind of. thing, because he 
saw Wgr Gomes , Ihefilm where. a Laities to start a nuclear wtur. 
Ferheps he didn't seethe same film as fne rest of the world, but in any 
etent, seeing Odmes, whether you understand it or not, doesn't 
make -you an automatic expert on Anything having to do with 
computers! This is what is known as aggressive ignorance. 

Another fun thing that happened lasTmotithwai theTRW escapade. 
The ration was shocked to find out that the TRW computer, which 
houses credit inf-armatittvon a large number of people, might have 
bccn broMQ iptt>. Nobody, knew what, hadeven happened! Did 
someone raid ^systemand destroy or chongemfo? Did the feds bust 
another p&R for posting “illegal" jjifq?Wepe real criminals involved 
this time? Did a large b|U get Bent loan innocent corporation? 
According to all of the articles thai have been written, not one of the 
above happened, but they all could have happened, So where is the 
story?! Are they saying that the worst thing that happened here was the 
posting of this nifty ifnbrhtstibn somewhere? Well, that> not even 
interest mgrinoe any employee that uses the system couM tell someone 
ekcahtitit.Lt at any moment, • -■■■■' 

Again, what we. are B«ing here it aJoiture to -appreciate the full 
implications of such a thing. There is a story in this whole TRW thing. 
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docBhT matter if most of the irtfo^natidr« lS :iri4iiy wfd^.tM people 
will mad it. Nobody xtants 1 to' read sibout htitv wieYe f^ihg whatever 
freedom wc have left, liot tda^ machine, but to the people running the 
nwchi'tK; 1 t's depressing to heat about your entire life story being 
written to disk somewhere and to know that there^ not a thing you can 
do about ih But, like k or not, this is exactly what's happening. 

Ilk quite possible that TRW has a file on you t]ra.t eon be checked 
and appended by people all over the place, [ts ^boieolirely possible 
that some of that information is- wrong, Aud it S a fact ih'^J 
claims no responsibility for the accuracy of this info. But even if all of 
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' E -dOmpbl^SvWhht kijft liFa ; sticreiy art kcfieadirtg tbw^#tSki wants 
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, p*p*j>, t t*yt bjg^ probto^jthriximpute^ utf the habere. 

People wtredo little more than type fiiwrtf jaumbeps ; ont^a.te^rqjnal 
and do a little bit of thinking are. refereed' to fl^rmai^as.^^ylcr 
geniuses and computer bandits by lire media. Arid ready every stbty 
written about such things k full of astronomical kpses. mtakfor- 
mat ion, corporate sympathy, and iht obligatory Donn Parkerquotes. 

Tfw Washington Bolt recently did a three-parl stoiy on “odbiptiter 
crime? 'which said absolutely nothing : It- £tm\d ^ : liev i e , 'bben 

mamu&ctured by^ a Computer program f.' ■ r>T 

Meanwhile, Icgislaiofs are trippipg -over themselves- trying id: get 
laws passed- to control these computer people before they fnkftoyefJhc 
■world . The intensity with which the FBI h&sehased hadeer^ Uf Repast 
year or so indicates the power they think those withco^pot^ 
have or are capable of achieving. And most of this fuss is bjwi^jiadt 
over people simply accessing other systems. What in the wpr^|^jp|mg 
to be the reaction when people finally start to use the computers, to 

calculate arid design? 

A new bill has: been proposed to outlaw computer crime- Ufi*i/ibai 
wonderful? Do you know what they consider ft computer tirime? 
Personal use of a computer in the workplace. This meam that if an 
: , pffree worker were to open a file and write a note to himself Rmioditlg 
r hunto ^op^Vtheri^re lateflori, ta&Hre emwniktmga fclooy^Flw»are 
.r .flSpjii Mte ^rbitts ji^ut womW ftwrtwre 

committed with the help of computera. In other words, stealing is 
v steal^but st^llbg witha.coippjit^ iss^li^an4aJb^fr.r, r 

even/thing .m its wwer to. preyenf- the soyrets go® obtaining 
-cdmpUfeix lilit ire p^tfciiilly "a 4ible a d bii ri here ^ i bti 1 d 

this possibly achieve in the long run? And why pick bn'tht^ - ^pilic ? *\ 
It s not a weapon in itself, but merely a Urol. A vifc/tool , vti buWtih 
tool. 

It's clear that computer people are in for an era of- harassment from 
the authorities, who havenT been this riled up since Prohibition. And 
. everyone clre.vrijl be fating itfrgm the.computcrohuiet^srtoiKist 
oft trrpking ovefychirig ^at We pan aiiryisft by i[t*ying^nkc 

But we'd better start working on it. 
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MCI MAIL: The Adventure Continues 


You really have to hand it to thou folks over at MCI. Pint 
they tackle Ma Bell arid nowtheyYe going after the U.S, Postal 
Service! MCI Mail's slogan, “The Nation's New Postal 
System,” is printed on every bright orange envelope that they 
send through, you guessed it. U.S. Mail. 

On this system a user is assigned a “mailbox 7 ' that he can use 
to send and receive mail. Sending is done either electronically, 
that is. to other people with MCI mailboxes or through the post 
office, which covers everybody etoe in the worid. The first type 
of letter will cost you 5 L for the first three pages while the 
second type is double the cost. It's also possible to send an 
overnight letter ($6) ora four-hour letter (S25) to some places. 

The purpose of MCI Mail L$ to stimulate the use of electronic 
mail by making it more accessible to the average person. For 
that we must give them credit — anybody can get an account on 
this system? There is no start-up fee and no monthly fee of any 
kind. To gel an account, all you have to do is call thenv— either 
by voice ordata. If youcall by data (see page 5 of April issue of 
2600 for number*), you 11 have to enter REGISTER as the 
username and REGISTER as the password. The rest is self- 
explanatory. After a couple of weeks, youll get in the mail 
(regular mail, that is) a big orange envelope that has, among 
other things, your password. With this info, you're now free to 
log Onto the system, look for people you know, send and 
retrieve messages, read all of their help files, or even hop onto 
the Dow Jones News Service (watch it though — that can get 
pretty expensive!) 

The system is set up on a network of Vaxes throughout the 
country. They Ye been operating since September I9&3 and 
claim to have over 100,000 subscribers. Many of these are 
actually subscribers to the Dow Jones service, who are 
automatically given MCI Mail accounts whether they want 
them or not. 

While the rates aren’t overly expensive, they Ye certainly not 
cheap. Mailing regular letters is much cheaper and often just as 
fast since not eve ly M Cl Mail user checks their mailbox every 
day. Apart from that, though, there are many problems with 
the system as it stands now. For one thing, it can take foiever 
getting on it, particularly through the SQ0 numbers. When you 
finally do get a carrier, you should get a message like this after 
hitting two returns: 

Fort 21. 

Please enter your user name: 

Enter the username you selected and the password they 
assigned you. It should say, “Connection initiated ..-.Opened.* 1 
From that point on, you're in. 

But the system will often appear to be bogged down. Often 
you have to hit twenty returns instead of two. Sometimes the 
system won't let you in because all connections are “busy". 
Otheriimes it willjustdrop the earner Real mailboxes don't do 
that. 

Another thing that will drive you crazy are the menus. Every 
time you enter a command, you get a whole new menu to 
choose from. If you're at 300 baud, this can get pretty annoying, 
especially if you know what all the options ait. There art two 
ways around this: get the advanced version, which allows you to 
enter multi-word commands and even store some files, at a cost 
of $10 per month, or simply hit a control O. 

One part of the system that works fast and is very convenient 
is the user info. As soon as you type the command CREATE to 
begin writing® letter, youll be asked whoyou want to stud it to. 


Enter cither the person's last name, first initial and last name, or 
username (which is usually one of the first two, but which can 
be almost anything the user desires). Immediately, youll get a 
list of everyone with that name, as well as their city and state, 
which often don't fn properly on the line. Then are no reports 
of any wildcards that allow you to see everybody At once. (The 
closest thing is *R, which will show all of the usernames that 
you Ye sending to.) It safe’ impossible fur a user not to be seen if 
you get his name or alias right. It's a good free information 
retrieval system. But there's more. 

MCI Mail can also be used as a free word processor of sorts. 
The system will allow you to enters letter, or for that matter, a 
manuscript. You can then hang tip and do other things, come 
back within 24 hours, and your words will still be there. You 
can conceivably list them out using your own printer on a fresh 
sheet of paper and send it through the mail ail by yourself, thus 
sparing MCI MaiJ^ laser printer the trouble. You Could also 
shale your account with somebody else and constantly leave 
unsent drafts for each other. Again, they have to be retrieved 
within 24 hours. 

Yet another way of getting "free" service from these people is 
to obtain many different accounts. There docsnY seem to be any 
kind of a limit on this and since each account comes with 52 of 
free messages, a few accounts can get you quite a bit of free 
service. And, of course, there's no charge for receding messages 
on any of these accounts, 

2600 has learned of several penetrations onto MCI Mail by 
hackers. This isnY really surprising considering (a) there are 
multiple usernames, i.e. John Smith's username would always 
default to JSMITH, which means that several passwords can 
work for one username: (b) all passwords seem to follow a 
similar pattern— & character* with the odd-numbered characters 
always being consonants and the even-numbered ones always 
being vowels — any true hacker would obtain several accounts 
and look fpr any correspondence between the random password 
and the account number everyone is assigned; (c) MCI Mail 
doesn't hang up after repeated tries— the only thing that will 
make it disconnect intentionally is inactivity on your part. 

But by far the biggest blunder that MCI Mail has made is not 
found on t(je system. It lies in their bills. There iy/io carry-over 
from month to month f If you get billed for S& one month and 
you don Y pay it , then proceed to use the system for S3 more the 
next month, your next bill will only show the S3! The 58 has 
vanished! (This is by far the dumbest mistake we have ever 
reported in these pages.) 

You'll find quite a few unanswered questions in your travels 
through MCI Mail, which you can try to solve by reading the 
HELP files or by sending a free message to MCIHELP. It 
usually takes them a couple of days to respond to you instantly, 
however. 

There are some software lapses as well. The system seems to 
be patterned largely after GTE Telemail, but it never really 
reaches that level of clarity. A small example oan be seen in the 
'Scan tables, which have a heading of Prom, Subject, Size, etc. 
On outbound messages, the name of the person you're sending 
to appears under the From heading? Pretty silly. 

MCI Mail shows every indication of overspending with a 
passion. Free messages, free accounts, sloppy programming, 
toll-free dialups, single sheets of paper (like their bills) sent in 
huge envelopes, etc. Either they Ye very optimistic out there or 
they Ye very naive. 

(MCI Mail can be reached at 8004246677.) 
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n>fnhw#d N«*n Seurat* 

The city of New York has come up with a new way to fight 
parking scofflaws. It + s called SIDNEY- -Summons Issuing 
Device for NEw York. It's a handheld computer terminal that 
will be able to get information about License plate numbers that 
are “suspected" of being attached to scofflaws. 

The device weighs less than five pounds and looks rather like 
a calculator. It would ask whoever was operating it to enter the 
color, make, model, registration expiration, location, time, and 
nature of violation. SIDNEY would then prim out a water- 
proof parking ticket and at the same time check its HhQOQ-plate 
memory to see if the license plate belonged to a scofflaw or a 
stolen car. An appropriate message would then be flashed on 
the screen. Details of each ticket issued would be stored in the 
device and entered automatically into the main computer 
system each day. 

There hasn’t been much talk circulating about what will 
happen when these things get stolen and fake tickets are handed 
out by the thousands. It is expected that these creatures will be 
turned loose into the hands of meter-maids within two years. 
The contract for producing SIDNEY has tentatively been 
awarded to Citisource of New Jersey. 

Bell to AT&T: Get Lost! 

^WKiated Pilu 

One of the so-called “Baby Bells" is displaying its Lndepen- 
" v . dence front its former parent— AT&T. Southwestern Bell says 
it + s chosen GTE Sprint to provide long-distance telephone 
service for its Houston operation. 

By using GTE Sprint instead of AT&T, Southwestern Bell 
figures to save about fifty thousand dollars. Long distance 
service from Houston currently costs the former Bell system 
unit about $300,000 a year, 

GTE Sprint will replace AT&T in Houston in mid-August. 

Five Arrested in Phone Fraud 

The hew York Tim 

Five Manhattan residents were arrested last month on 
charges of defrauding the New York Telephone Company by 
. making more than 1 ,500 illegal telephone calls, mostly to the 
Dominican Republic, in a three-day period. 

The Manhattan District Attorney^ office said the suspects 
used “blue boxes** to make the calls. The five were charged with 
possession of burglary loots and theft of services. One was also 
charged with selling a stolen credit card number to an 
undercover investigator and using such numbers to make calls 
for other people. He could get four yeare for his trouble. 

Supposedly, the suspects were offering neighbors low-cost 
lopg distance calls, however they frequently charged more than 
the cost of legitimate calls! 

An Official Crackdown on Hackers 

Contained hw&WKfr 

According to Rep, William Hughes (D-N.J.), computer 
^ crime is increasing by Icapsftnd bounds. Speaking on the House 
floor, Hughes said, “It's time we recognised that computer 
— ^ 1 hackers* who intrude into data banks are not just mischievous 
kids looking for fun. They're engaging in illegal activities which 
pose potentially serious threats to our society." 

He urged quick passage of the Counterfeit Access Device and 
Computer Fraud and Abuse Act of 1984* being sponsored by 
him and eight other House members, including Democrats and 



Republicans. 

Die House Judiciary Committee took a step towards making 
it a crime for hackers to break into systems such as TRW by 
adopting an amendment by Rep. Dan GLickman (D-Kan.). His 
proposal would make it a misdemeanor to raid computer files 
containing private credit histories or banking information. 

A subcommittee staff lawyer said the bill would dose 
loopholes in existing federal and state laws by making it a 
felony offense to access a computer without authorization and 
with intent to defraud, if that act enables the perpetrator to 
obtain anything worth at least $5,000 over a one-year period or 
any classified government information. 

The bill is expected to come before the full House either late 
this month or in early August. 

Pay Telephones Deregulated 

MW Ski-vet 

On June 15, the FCC decided to allow justabout anybody to 
get involved in the pay phone business. Up until now, pay 
phones have been provided by whichever local company serves 
the area. But with this new ruling, all kinds of new companies 
will be seen. In fact, some phones may even have different 
prices! And, of course, it's to be expected that each of these new 
types of phones will have their own quirks and bugs. Look for 
Matrix, Tonka, and Paytel phones in the near future. 

Of course, there will be disadvantages. Some phones will 
only be able to dial locally. Others won't be able to reach 9 1 1 or 
information. Many will probably be rotary and most will 
certainly break down more frequently. Still, diveraity is what 
makes this entire field so interesting. 

“You Must First Dia! a One...” 

AHoraTed Preii 

As of July 1 st, 3 million customers in New Jersey had to start 
dialioga one before area codes when calling long distance. This 
leaves 302 and 516 as the last remaining areas in the countiy 
that donX have to do this. 

Company officials say the new system was introduced to 
provide 152 more exchanges to meet increasing customer 
demand. Under the new system. New Jersey Bell will begin 
using certain area codes as telephone exchanges. They will 
avoid using area codes of neighboring states to prevent mass 
confusion. 

Information News 

OimlMad Krturcfa 

Starting this month, MCI will connect subscribers to long 
distance information just like AT&T does. And, like AT&T, 
MCI will offer two free information calls per month, provided 
their service is used for at least two long distance calls in that 
same month. After that, they will charge for a call to 
informal ion, just Like AT&T does! So what's the difference? In 
the price, of course. AT&T charges a hefty fifty cents for each 
call to directory assistance, while MCI will be under-selling 
them with an affordable 45e, Good old capitalism. 

In another development, a computer program to help find a 
telephone number without complete information from the 
caller has been patented by Richard H. Boivie for Bell Labs. In 
cases where the caller can give the. information operator the 
name of the person being sought, but is unsure about the 
spelling, the computer will trace alternative spellings. It will 
also sort through different addresses for the most Likely 
candidates. 




INTRODUCING THE CLEAR BOX! 


A new device has ju&t been invented. Uncalled thc H dearbon" [(can 
be used throughout Canada and through rum] United SHKt- 
This interesting gadget works on ‘"post-pay'" payphones* in other 
words, those phones that don't require payment until after the 
connection has been established. You pick up the phone, get a dial 
tone, dial your number, and then put in your coins after Ihe person 
answers. If you donT deposit money, you can't speak to the person at 
(he other end, because your mouthpiece is cut off — but not your 
earpiece. fYs, you can make free calls to the matter, etc. from such 
phones.) 

In order to bypass this, al! one has todo is visit a nearby electronics 
store, get a 4-transistor amplifier and a telephone suction cup 
induction pick-up. The induction pick -up would be hooked up as it 
normally would to record a conversation, except that it would be 
plugged into the output of the amplifier and a microphone would be 


hooked to the input So when the party answers, the caller could apeak 
through the little microphone instead, his voice would then go through 
the amplifier* out the induction coil, and into the back of the receiver 
where h would then be broadcast through the phone lines and the other 
party would be able to hear the caJkr. The clear box thus "clean" up 
the problem of not being heard. 

The line will not cut off after a certain amount of time— it will wait 
forever for the coins to drop in. . 

Many independents are moving towards this kind of stupid payphone 
system. For one thing, it*s a Cheap way of getting DTF {dial tone first) 
service. It doesnlt require arty special equipment- That type of 
payphone will work onany kind of a phone line. Nwmsllys payphone 
line is different, but this isiusta regular phone line and ii^ set up so that 
the payphone does all of the charging, not the CO. With the recent 
deregulation of payphones, this kind of a system could become very 
popular 


LETTERS FROM OUR READERS 


6/I4/S4 

Dm - 2600 : 

A few exchanges in my vicinity have recently upgraded their 
switching equipment. On 11/5/83, 914-268 switched from a 
SxS to a Northern Telecom DMS 100. 914-634 & 638 also 


switched from a No. 5 Crossbar to a DMS1Q0 on 6/9/ 84. 

Through trashing, 99XX scanning, and “social engineering,” 
1 have found out the following: The suffix 990 1 is a Verification" 
recording. In 268:9903,9906,9909,991 1, 9912, & 991 3 are all 

various recordings. 

Another neat function on DMS 100 is that you can hear the 
MF tones after most calls. NYTelco calls this the sound of their 
new system helping to serve you better. 

Also, these CD's are under NYTelco jurisdiction. Yet. they 
bought from Northern Telecom DMS100 instead of a "nice” 
ESS system from Western Electric. Could this be the break-up 
at work? 

This equipment offers ESS functions such as call waiting, call 
forwarding, dial-tone^first fortresses, etc. My question is: What 
type of toll-fraud equipment is standard or optional for the 
DMS 1 00? Does it record everything like a pen register? Etc... 

Curious 


Dear Curious: 


First off, our compliments on your ability to notice the 
changes that most people miss. As far as your 9901 discovery* 
many exchanges in your area have been known to do that. If 
you dial XXX -9901 , you'll hear a computer read the exchange 
and area code. It doesn't really serve much of a purpose. But 
interesting things can always be found in the 99XX area, if your 
company uses it. 

Concerning the DMSIG0* it is the break-up of the Bell 
System to an extent. New York Telephone has been buying 
equipment from Northern Telecom for some time now. But 
since the divestiture* they've become a little more flagrant about 
it. You'll see quite a bit more experimentation with products 
from other suppliers in the near future. The DMSIQO is a very 
good switch, but it's got certain drawbacks as far as phone 
phreaking is concerned. It does have certain “devices", These 
don't work exactly 3 ike a pen register, but they wind up having 
the same effect. What is done is this: if you happen to send a 
2600 Hertz tone down the line, DM 5 100 will make a Computer 
record of whatever you did in the surrounding time. They 
automatically investigate your line if this is detected more than 
an undeteimined amount of times. This is where the pen 
register comes in. The system is already equipped to handle a 
pen register through a special box in the exchange that> set up 
entirely for that purpose. This box ties into their automatic 
surveillance equipment. So it's kind of a two step process, but 


the DMS 1 00 makes it much easier. 

So far, we haven't been able to find any advantages (or bugs) 
in a DM SI 00, We will continue to look, though. Regarding the 
MF tones* they're simply not being filtered as they are in most 
places. The GTD#5 (nude by GTE) and the DMSIQO both* as a 
rule, only filter about ten percent of the MF tones. They also 
don’t filter out rotary outpulses, whenever they exist. Perhaps 
it's a way of cutting comers, 

DMS 100, as you know, sounds just like ESS. About the only 
way you can tell if youVe dialed into one is if you hear 
absolutely no clicks or pops when the party answer** as you do 
with ESS, crossbar, and step. Instead you hear a real faint, mild 
tick. When dialing out on one, you won't hear any clicks either. 
Dear 260ft 

I hear you people are keen on answering people's questions, 
so answer me this: What ever happened to that operator who 
was so damn nasty that she refused to call that ambulance for 
this guy's dying mother just because be used a couple of cuz 
words on the telephone? By the way, the lady died a horrible 
violent death, I think. (1 think the operator didn't die yet.) Oh 
yea, 1 also think that there was some aorta lawsuit against the 
nasty -oppy or the telco or someone. 

RC 


Dew RC 

The incident you're referring to took place a few months ago. 
It happened in Dallas, Texas and it concerned a man who was 
trying to get an ambulance for his mother-in-law who was 
having a massive heart attack. Not only did the operator refuse 
to send an ambulance until the woman herself got on the phone, 
but her supervisor aho got on the line and said something to the 
effect of, "Sir, if you don't quit cussing out the operator, I'm 
going to have to hang up on you." 

The operator was fired and the supervisor demoted. But both 
are currently claiming that they were only following orders. The 
city of Dallas allegedly said that at all costs an ambulance 
should nit he sent out unless it was an extremely life threatening 
situation. Anonymous people have even come forward and 
claimed that bonuses were offered to those who sent the least 
amount of ambulances out! 

We should say that thii doesn't involve the phone company, 
since it wasn't their operators who handled this call. Any 
lawsuits would be against ihe city of Dallas, in all likelihood. 
It's also interesting to note that there is no9l 1 service in Dallas. 
Residents there dial 744-4444 instead, perhaps an advanced 9 1 1 
service might cut back on the fake calls they're supposedly 
plagued with since such systems immediately truce hack the 
number calling and do an instant CNA on it. 

(Wriit to Box 752, MtikBc hhmt, NY I&S3 MCI Mail t&. 2600.J 
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TRW Information Services is America's largest credit 
reporting institute, containing the credit histories of over 90 
million Americans online. . 

Recently it was reported thata password belonging to Sears, 
Roebuck, A Co H was stolen. TRW and the media are currently 
circulating several conflicting reports about the use of the 
account. Some reports insist that the account was never used 
illegitimately. Others say that 'criminals* used the account to 
pillage credit card numbers to illegally buy goods and services 
while knowing the account limit. Another account of the 
incidents) says it was merely hackers exploring a very 
interesting system. It seems hard to believe that hackers 
managed to infiltrate TRW, since the system is basically user 
spiteful* but they seem to have pulled it off. 

Once the subscriber initiates a connection with one of the 
many dial-ups* located in most major cities, the system will 


hospital is given as the main address, 33333 would be vied as 
the house number. When an address is General Delivery, 44444 
would be the house number and G would-be the street name. 
Others; ITS, Air Fmnce* 55555 A; U.S. Army, 66666 A; U " 
Coast Guard, 77777 C; VS, Marines, ftflggg Mi ITS* N* 
99999 N .) 

AssumLig the subscriber is calling from a California business 
and he is requesting areport on Winston Smith at 3 Main 
Street, Anytovm, CA 90003 he would type the following after 
the controFQ: 

TCA2 (This identifies the subscriber as being from CA) 

RTS 33xxxxxAB€ SMITH WINSTON 3M9M03, 

In this case, the subscriber password was ABC and the account 
number was represented by 33 hmx. 

At this stage* he can request the report printout by typing a 
terminating controls or he can tell the computer some 
information that it will then record into the account. This is 


identify itself with TRW. It will then wait for the subscriber to 
send an appropriate answerback (such as a controTG). Once 
this has bent done, the system will say CIRCUIT BUILDING 
IN PROGRESS along with a few numbers. After this, it dears 
the screen (CtrJ-L) followed by a coutrol-Q* Once the control-Q 
is sent, the system i s ready to accept the subscriber's request. 
The subscriber must first type a 4 character preamble which 
identifies the geographical area of the subscriber's account. For 
example: 

TCA1 - for certain Caflfomia & vicinity idMcribrn 
TCA2 - a second TRW system In OUtfcmla 
TNJ1 - their New Jeney database 
TCAl forte fTtniffi rinfihanr 

The subscriber then types a carriage return (followed by an 
optional 3 line feeds). On tbe next line* be must type his 3 
character option. Moat requests use the RTS option. OPx, 
RTx, and a few others exist. Some of these* such as RTA* 
return you with an error saying that this option is used for credit 
bureau collection activity only. TRW will accept an A* C, or 5 
as the third character. 

After the option (RTS)* a space must be skipped, and then a 1 
digit subscriber code is typed in. The first two digits represent 
the region in which the subscriber is located and the subscriber's 

industry* respectively. 

Trii*] Trite n 

1 - TVW Eoteiii h«|H O.priHcftwc rf 

2 - Tgw Mldwwteffl Kt&n l - Bari 

3 - THW W«rin 2 - Ciril Cud 

4 - MteSnlirirCriiMn 3 - Rrtri 

5 - * A - tntfl C«nl 


known as using tbe second line, which is entirely optional. The 
first option that can be specified here is a previous address. This 
can be done by typing P- followed by the house number, a 
space, the first letter of the street* another space, and the full 
up. For example, if Mr. Smith previously Jived at 2600 Elm 
Street in New York City* the subscriber would type the 
following: P-2600 E 1000 1 . He can then type a comma after this 
and move onto another option. If Mr. Smith had another 
previous address* the subsenbercan enter it in the same fashion 
as above (after the comma) ifbe omits the P and the dash. This 
is followed by a comma also. He can then enter in Mr Smith's 
Social Security number in the format of S-l 234567890. If this is 
followed by a comma, he can then enter A-age or Y-year of 
birth (4 digits* e.g. t 1964). The subscriber can next enter in 
information telling how much money Mr, Smith has requested 
and/or on what type of account This is done by typing T- 
followed by a two digit account type* a 3 digit terms* and a 3 
digit amount code. For instance* for a credit caid account 
(which happens to be #18), with a limit of S100 (001 >, which ~ ~> 
being financed for 24 (024) months, be would type: T- 1 80240C 
This information will show up as an inquiry under the 
subscriber’s name on Mr. Smith’s account. 

There is one final option on line 2 which prints a beading at 
the top of the page (TRW supplies pre-printed forms with 
“nice* columns). If the subscriber cannot afford to buy their 
paper, he would probably type H-Y to get the heading. The last 
option on Iine2 is followed by a comma* carriage return* and an 
optional line teed. For example: 

TCA2 


* - OdwflrinnidiiiiatHki J ■ L« Ftent 

wfeMn hum Ktfton ft i - S*k* F lmwrr 

■" t jjnr rrtel nri ijg tT rn 7 - Cnrii Unto* 

7 ' othtt wtUlte Wtriffl lltftan I , Sntaw * 1* 

ft - Otfwt* Wrin R**k*i < - S tnkt & mftwtawl 

Using the tables above* it is evident that the stolen Scars 
Password from Sacramento must begin with a 33 . identifying it 
as from the Western Region and as being a retail store. 

Once the subscriber enters his 7 d igit subscriber code which is 
printed along on tbe reports, he then appends a 3-4 character 
password immediately after it. ( In the Scars example, the whole 
thing was: 3319122NXK. This code has allegedly been floating 
around hacker circles for at taut two years!) Following this* he 
must type a space and then the full Last name of the person he 
wants a report on. This is followed by another space and the full 
first name. After this comes yet another space. 

Now the subscriber has 3 optional parameters. He can just 
type 3 periods after the first name and space or he can fill them 
in. The first period can be replaced by the person's middle 
initial* tbe second by the spouse's first initial* and the third by 
an S or a J which indicates Senior and Junior respectively. 

The last of the three parameters is followed by a comma. This 
is immediately followed by the house numberand a space. After 
the space, he then places the first letter of the street name. For 
example* he would type M for Main Street, a # fora P.O. box, 
or 3 for 32nd Street. This single character is then followed by 
the 5 digit zip code (mandatory) and a final comma. After the 
zip* he would hit carriage return and an optional line feed. 
(There are some special conditions which can apply to the 
house number — if an institution such as a school, motel, or 


RTS 33mmABC SMITH WINSTON ...,3 M 900*3, 

P'260* E 19*01 4313 M »1C2^-1234567?W 1 Y-19*4,T-1 *0240*1 t 
This can then be finally entered by typing a control-S. 

Rut wait! Thafte not all. The subscriber has one more option. 
He can specify the person^ employer. Let's suppose that Mr. 
Smith works for NYTelco Security at 1095 Avenue of the 
Americas in New York City. The subscriber would then type: 
E-NYTELCG SECUR1TY/1095 AVENUE OF THE AM W 
NEW YORK 10036 

After this he would enter the familiar carriage return and 
optional line feed. (TRW emphasizes to their subscribers that 
this area is for the name and address of the employment only, 
not occupation or source of income- “Do not use terms such as 
'housewife,’ ‘retired,’ ‘welfare 1 or ‘unemployed 'which could be 
considered damaging to the applicant*" a special warning 
reads.) Since this is the last bit of information that the 
subscriber can enter, he is now forced to type the inevitable 
control-S. 

The first line of the actual printout sends the page number, 
the date, the time* the port number, and the H/ V P).It will then 
print the person Y address and their employer. After this it 
should print the person’s actual credit history. Each individu^ v 
account entry Lakes up 2 lines. In the first line* the accou. 
profile, subscriber’s name and TRW account number, theiri" 
association code, and the individual Is account number with the 
subscriberare listed. The A on the left i s the account profile. A 
means that the subscriber (SAKS FIFTH* as an example) 
transmitted this information automatically from theircomputer 
(as opposed to an M, which means that the subscriber manually 
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pr. d forma with the info). The position of the A (or M) 
indicated a positive, non-mted, or negative rating (P/N) of 
the account, lit this example* the A is under the P T therefore it 
refteoLs positively upon the account The person hat an 
account with Saks Fifth Avenue. Saks' subscriber number 
onTRW is I J475l5.The person's account number with Saks 
is 26000000, 

On the second line of each entry, the account status, date 
(last) reported, the date the aooounl was opened, the type of 
account, the credit limit, current balance, and a credit profile 
are listed. For example, on the second line of the Saks entry, 
CURR ACCT indicates that it is a cdfrently active revolving 
(REV) charge (CHG) aa'ount that was opened in October 
I9S0. The account has a S6700 credit limit and as of April 5, 
1984, the person had a $55 balance on the account. The C*i 
and dashes indicate how the person pays the account. In 
March (one month prior to the balance data of the 
account was paid on time. In February , two months prior to 
the balance date, the account was also paid on time. In 
January (J)> the account was thirty days past due (I “30, 
2=60, 3=90, etc ). Ln December, the account was not reported 
by Saks as indicated by a dish. In October, the account was 
sixty days past due. Court judgments, tax Ikns, and other 
interesting facts are also recorded- 

Thc person may also have a 10C word or less statement in 
the Etc explaining certain entries in their account. (There is 
also another TRW service for business reports (similar to 
Dutm &. Bradstrcct) which has an entirely different set of 
subscriber codesand passwords, as well as access procedure) 

TRW doe silt like to be held Up for anyone. Therefore* if 
the subscriber vegetates for more than a few seconds (i.e., he 
is send tug nor receiving anything), TRW will abruptly 
a ft V ICE INTERRUPTED; PLEASE REDIAL (EM) 

as it log* him off. Incidentally, any information that the 
subscriber types on lines 2 or 3 (i.e, age, social security 
number, employer, etc.) L& automatically recorded on that 
person’s File. Any previous information on the option is 
d iscarded (in most cases). 

Technically, if a hacker hacked out an account belonging 
to a supreme court or other such institution, be could use the 
T -option to hack out the code for JUDGMENT^ TAX l 
LIENS, and other neat things. He would then be able to 
modify anyone's account to report them bankrupt or that a 
judgment was handed down. 

Hacking passwords h still reported to be very easy, Assuming 
that someone is trying to guess a password to a 3xxxxxx 
account, the following could be done: 

TCAI 

RTS 3909000 AAA (return, controFS) 
and the system fliponds with: 

*■ ii ** INVALID SECURITY PASSWORD 
and the hacker types: 

TCAI 

RTS 3909009AAB (return, control-S) 
and the system responds with: 

« xx •* format ERROR 

The hacker has correctly guessed the password — it accepted 
the password but didn't End a name field. Since account 
numbers arc very easy to get ahold of, the password is the 
only real challenge. Thai, and the fact that the system 
operates on half duplex, even parity, 7 bits, and 1 stop bits, 
which might catch a few by surprise. 

All accounts can do reports on anyone in the United States 
i^^tsafile. For example, if a California account requested 
d, n a person in New York, the system would simply 
switch over to its New Jersey database to accomodate tbe 
request. A few states though, &uch as Tennessee, have 
government control over credit information. Thus, people 
from that state cannot be found on TRW, Can you he? 


TCA2 


UTS I234567A6C SMITH WlffiTM ...*3 M 9*0 $ t _ __. 
MM £ 1*01.1313 n 561ttS-l£M567a»¥-19B4,T-J*£*i, 
E-NYTELCfl SEEURITY/1W5 AVENUE OF TIC ft€R/l€H YDffi 1*36 


1 04-63-04 15:25:02 
WINSTON SMITH 
3 WIN ST 
LOS ANGELES Cfl 


AN23 005 WITH TCfii 

4-64 wren security 

ins AttNUE OF THE WER 
l€U YORK 1*36 


/ N SUBSCRIBER MAC 
STATUS DATE 
COVENT REFT 


SUBFt t ASft 
DATE TYPE TEW AfT 
OPEN 


ACCOUNT t MONTHS PRIOR 
ML MUKE APOUjT TO BfiLMJE 
DATE PAST DIE 123436769012 
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CURR ACCT 

16*¥ 

A 

C SUCKER B#K 



CURR ACCT 

4-64 

A 

SEARS 



CURS ACCT 

3-79 

A 

mpxm 



CURR peer 

4-64 

A 

NAY CO 



CURR ACCT 

4-64 

A 

BULLOCKS 



CURR ACCT 

3-64 

A 

J N ROBINSONS 


OJRfl ACCT 

4-04 


CARTE DLAN0C 
CURR ACCT 12-63 


3111344 5 
b* PUT 46 
31113* 0 

HFV CHS KV *1* 
31*354 l 

5-77 C/C IEV 92*1 
3313642 « 

16-Y ISC 14 tin 
33743* 1 

3-63 Oil REV til* 
3374510 1 

0- 61 CHS REV -tl* 

33714* 1 

1- 77 CHS REV 93* 

3371553 4 

7-62 CHB REV $4* 
1 


1 

160* 96* 4-10-64 
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£ 

* 

a 

*» ' 4-IH4. 

3E0MN0M 
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6fi*>e* 
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ccomccccc 

-comm: 

ccccc 

ccccc 

cam 
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A 

CITIBANK 


1391556 1 

SSBMH 



DURR ACCT 

3-63 

6-76 CH6 REV -91* 

M 2-31-43 

CDC — COOC 

A 

SAKS FIFTH 


1347515 1 

2&HMSB 



CURR ACCT 

4-64 

10-M QflJ REV *67* 

133 445-44 

CC1-C2CC3CC- 

A 

NGRQSTftM 


33902*1 

» mm 



CURR ACCT 

0-63 

6-03 CHB (CV L1KN 

M 12-15-83 

CCCCC 

A 

OECD 


36*711 4 




CURR ACCT 

12-63 

6-fl3 CHB REV 915* 

91275 12-15-63 


A 

CRSI/DCSMMD 

1391554 1 




CURR ACCT 

6-02 

I m CHB REV -91* 

to 

CDC-DCCDCCDC 

A 

TWA 


2455616 I 

20000000* 



CURR A0CT 

10-Y 

10-Y CAC 24 415* 



A 

SECURITY PACIFIC NATL 311(954 1 

l2D*BB mVmVVv 



CURR ACCT 

12-62 

£-61 CAC REV *20* 

« 4-89-84 

DCC 

A 

FIRST INTERSTATE 

327*27 £ 




durr non 

4-64 

6-61 CAC REV *£500 

965 4-25-64 

caxDccccca: 

A 

CARTE BLACHE 

34252* 2 




cum ACCT 

12-63 

16-Y CAC 1 99* 

1ST 12-31-83 

cam 

A 

WESTERS AIRLlfCS 

3457670 1 




MID SATIS 7-63 
FORD DO 
CURR ACCT 13-63 
MEAT NESTEHN S 4 
OJffl ACCT 1976 
tfFILIATED CREDIT 
P D CELL AC 9-63 


it — y cac «v am 

36*155 1 
£-63 flUT 484333W4I7E39 12-31-63 
L 3651*9 t 
1974 ft/C 
3961756 I 

4-62 m INK -41* 


££0000* 


H HANTHORNE MAZDA 

3967686 


INQUIRY 

11-22-03 



A MAY CC 


3371319 


INBJIRY 

12-26-82 

ISC 


A B OF R 


3181344 


INQUIRY 

4-22-62 



FIRST INTERSTATE 

327*27 2 


PAID SATIS 

7-62 UKN CRC REV 920* 


N CD SUP CT WWHERE CO 

him « 

UkkWUHCI 

JUD60©fT 


920* 

STATE TAX 


-END 
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